Skip to content

Add support for Django ORM .raw method to SQL parameterization codemod #442

Open
@drdavella

Description

@drdavella

Various ORMs (e.g. SQLAlchemy, Django) enable pass-thru execution of raw SQL queries. We need to consider these methods when finding and fixing potential SQL injection vulnerabilities. In the Django ORM specifically, this is enabled via the .raw method: https://docs.djangoproject.com/en/5.0/topics/db/sql/#performing-raw-sql-queries

Metadata

Metadata

Assignees

No one assigned

    Labels

    enhancementNew feature or request

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions